Indonesian Journal of Electrical Engineering and Computer Science 
Vol. 27, No. 2, August 2022, pp. 922~935 
ISSN: 2502-4752, DOI: 10.11591/ijeecs.v27.i2.pp922-935


Application of advanced encryption standard in the computer 
or handheld online year-round registration system 


Jomar L. Calpito, Paul L. Olanday, Alain C. Gallarde 
Instruction Department, Southern Isabela College of Arts and Trades, Isabela, Philippines 


Article Info

Article history:
Received Jul 26, 2021
Revised May 31, 2022
Accepted Jun 10, 2022

Keywords:
3DES
Advanced encryption standard
Cipher
Data encryption standard
ISO 25010
Symmetric-key cryptography

ABSTRACT

With various severe security threats for web applications, ensuring security 
on the database layer itself is imperative. Hence, this study aims to protect 
data saved on the computer or handheld online year-round (CHOY) 
registration system using the advanced encryption standard (AES) to 
strengthen data security within the app so that even if potential attackers gain
access to the app's database, they cannot obtain valuable information
because it is scrambled and unreadable. The proponents based the study's
conceptual framework on the symmetric and asymmetric key algorithms, the
procedures manual on enrollment of Southern Isabela College of Arts and
Trades (SICAT), and ISO 25010. The study consists of three elements:
developing the CHOY web app imbued with AES, testing it in terms of 
online registration and spam prevention, and evaluating it using the ISO 
25010 in terms of compatibility, reliability, and security. The evaluation 
results show that implementing the AES in the CHOY web app meets the 
ISO 25010 criteria mentioned above. 

1. INTRODUCTION

This study focuses on applying the advanced encryption standard (AES) in encrypting and decrypting 
the database content of the computer or handheld online year-round (CHOY) web app. In addition, the 
researchers tested the app regarding online registration and encryption/decryption capabilities, and the Southern
Isabela College of Arts and Trades (SICAT) stakeholders evaluated it regarding compatibility, reliability, and
security. Even before the pandemic, most institutions and businesses depended on web applications to
collect/display information and extend their programs and services to their clients. Usually, they develop
their web apps based on the three-tier model, where the frontend, backend, and business logic are separated [1].
The first tier is the clients using a web browser, the second is the server-side application, and the third is the 
repository (database). However, these tiers have their vulnerabilities. Potential attackers might exploit one of 
these, and the whole application can be compromised [2]. The open web application security project (OWASP) 
released a document to further enhance an entity's web application security. It reflects widespread agreement on 
the most severe security threats to web applications [3]. Among the top 10 web application security risks 
identified in the document are injection, sensitive data exposure, cross-site scripting (XSS), broken 
authentication, broken access control, extensible markup language (XML) external entities (XXE), security 
misconfiguration, use of components with known vulnerabilities, insufficient logging and monitoring, and 
insecure deserialization. These attacks can access the database, resulting in data loss, corruption, disclosure to 
unauthorized parties, money laundering, or identity theft. 

In response to the threats web applications face, researchers worldwide have developed techniques and
theories to counter them. For instance, to detect XSS attacks, Pan and Mao [4] attempted to build templates
for document object model (DOM)-based XSS detection using existing tools and solutions. Shalini and Usha
[5] created a method to detect XSS attacks. They proposed a model that can detect XSS in the client's browser
without the need for third-party engagement. The experimental findings show that the proposed method is
quite successful. Because the approach is platform-agnostic, it stopped possible exploits by prohibiting the
malicious script from reaching the JavaScript engine instead of making potentially dangerous hypertext
markup language (HTML) changes. Regarding structured query language (SQL) injection prevention, Singh
et al. [6] suggested minimizing privileges on the database, implementing consistent coding
standards, and using an SQL server firewall. Kamtuo and Soomlek [7] introduced SQL injection commands
dataset extraction, pre-processing, and usage of machine learning model analysis for detection, testing, and
training. Al-Sayid and Aldlaeen [8] introduced the use of a web application firewall. However, these
initiatives share a common drawback: they do not have a node-verified signature. Hence, Yunus et al. [9]
introduced the blockchain concept to overcome SQL injection through node verification with internet
protocol (IP) addresses to address the earlier issue. On the other hand, there is a massive investment in
cryptography to ensure confidentiality, data integrity, and availability. Moreover, researchers worldwide are 
continuously working on cryptography algorithms to secure sensitive information [10]. 

The study and research of techniques for encrypted communication are known as cryptography. 
More generally, protocols are developed and assessed to overcome adversaries' power and extend to different 
facets of information security, like data privacy, protection, authentication, and non-repudiation [11]. In 
addition, it is a science and art of shielding knowledge from unauthorized entities by turning it into 
something that its attackers cannot recognize while being processed and transmitted [12]. 

In computing, the three types of cryptographic techniques are: symmetric-key
cryptography, which involves a single key for the sender and receiver to encrypt or decrypt plaintext;
hash functions, which reduce an arbitrary-length input string to a fixed-length string; and public-key
cryptography, which encrypts and decrypts texts using two keys (public and private) [13], [14]. In this
pandemic, most institutions rely on web applications to extend their services to their stakeholders. Hence, it 
is critical to secure the information collected from these web applications. Potential attackers may access the 
database and use its content for illegal purposes. 

Aside from firewalls and other preventive measures, it is best to establish a form of defense at the 
data within the database itself, specifically in its columns, tables, or tablespaces [15]. Institutions can imbue 
their databases with database encryption algorithms so that if potential attackers breach the database, 
authorized users with the correct encryption keys are the only ones who can read the data stored. These 
algorithms scramble the database contents, rendering it useless for unauthorized intruders. 

Over the years, researchers have concluded that both symmetric and asymmetric algorithms can secure information
over any medium. However, there are differences in implementation and speed, among
others. For example, the latter's key calculations are more secure than the former's; hence, its implementation is
complex and significantly slower [16]. On the other hand, while the former is less secure, it offers algorithms
like AES with no weaknesses. Also, it is significantly faster, cheap, has low power consumption, and is easy
to implement [17].

Examples of symmetric-key algorithms include the advanced encryption standard (AES), data 
encryption standard (DES), Blowfish, and triple DES. During the 1970s, the DES algorithm was widely used 
to provide a standard way to secure sensitive commercial and unclassified data. Later, the National Institute 
of Standards and Technology (NIST) replaced DES and paved the way for the AES, a more stable encryption 
standard best suited for protecting commercial transactions over the internet [18]. The triple-DES is the 
enhanced version of DES, where data is encrypted thrice using DES, and Blowfish is an algorithm created in 
1993. 

Researchers were able to increase the efficiency and security of existing algorithms by modifying 
them or combining them with new algorithms. Using numerous approaches, Farhan and Ali [19] improved 
MD5 with a 1024-bit input block message and a 160-bit output message. Databases are protected using two
tactics, according to their research: maintaining data integrity by employing hash algorithms and improved
MD5 to generate passwords for users, and ensuring data secrecy by encrypting vital data with the AES
algorithm. As a result, verifying the database's security is as simple as collecting each constraint's configured
hash value (MD5 improvement) and comparing it to the original version. Because of the additional tables
storing the hash values for each entry and the attached file size in the method containing the keys to the size
(2^32), the extended MD5 is slower than the basic MD5. Ali and Farhan [20] improved the MD5 function for
e-document verification by adding a dynamic variable length and a high efficiency that simulates the
maximum level of security. Unlike the logistic system, which was used to encode ribonucleic acid (RNA) by
generating a random matrix based on a new key created using the initial permutation (IP) tables used in the
data encryption standard (DES) with the linear-feedback shift register (LFSR), this work proposes several
structures to improve the MD5 hash function. The tests show that it has a high level of resistance to hackers
while still running in a reasonable amount of time. Kadhim and Khalaf [21] proposed a new method for
real-time security chatting based on a new block cipher algorithm that achieves peer-to-peer security for each 
communication connection. This system is divided into two parts: the first is concerned with the server, and 
the systems begin to establish connections between subscribers, generate keys, distribute dynamic keys, and 
guarantee that this subscriber is registered in the system. On the other hand, the second portion is concerned 
with data security and services by encrypting them with AES. The suggested approach enhances 
communication secrecy while manipulating the communication and data transfer process elegantly. 

Ali and Farhan [22] proposed a revolutionary approach for improving the data storage of a rapid 
quick response code (QR code). By integrating secret information inside a QR code message, the suggested 
algorithm incorporates a clear and straightforward plan for circumventing this obstacle. The QR code has 
been modified to include levels that aid in sharing secure messages of various sizes and the authentication of 
documents for verification and validation. The newly proposed QR code does not reconstruct the QR code's 
design or structure in this study. Instead, it improves security by using the Huffman compression method to 
minimize the size of the input data and the XOR function to encrypt the data using a changeable encryption 
key. The experimental results demonstrate the method's advantage over prior methods. Many known attacks 
can be thwarted by developing a new QR code model that meets security criteria while retaining the QR 
code's speed advantages. Naif et al. [23] developed a secure system based on a chaotic system combined with 
a lightweight AES modification. The chaotic key sequences used in the lightweight AES and SHAKE128
were generated using the 5-D chaos system (a mix of logistic and Lorenz chaotic systems). The lightweight
AES has been developed to minimize the processing complexity of AES while increasing processing speed 
(by 145 percent), making it appropriate for use in IoT devices and sensors with low power consumption. 

In the end, researchers worldwide determined the best and most efficient encryption algorithm for 
data security. Kannan et al. [24] claimed that AES is faster and more secure than the DES because the NIST 
selected the former as a replacement for the latter. Sapna [25] showed that the AES has excellent security,
efficient power consumption and cost, and a longer key length than DES. Finally, Singh et al. [26]
implemented DES, 3DES, AES, and RSA in VB.net to test the algorithms in terms of input data size, time, and throughput.
The results proved that AES is excellent in terms of performance and security. While it uses more power than 
DES, it uses far less than 3DES and RSA, making it the best option among the algorithms studied. 

The National Institute of Standards and Technology (NIST) started selecting some symmetric-key 
encryption algorithms to secure sensitive (unclassified) federal information to fulfill its regulatory obligations 
in 1997. NIST verified the approval of 15 candidate algorithms in 1998 and sought the cryptographic 
research community for assistance in evaluating them. After NIST reviewed the preliminary research 
findings, MARS, RC6, Serpent, Twofish, and Rijndael were chosen as runners-up. NIST selected Rijndael
as the new Advanced Encryption Standard following a study of additional public analyses of the finalists 
[27]. Vincent Rijmen and Joan Daemen made the winning algorithm, hence the word "Rijndael" [28]. 

AES is a block cipher that encrypts and decrypts using the same key. AES encrypts and decrypts
128-bit blocks using cipher keys of up to 256 bits, which is the largest key size and is
impenetrable by brute force based on computational power since the number of possible key combinations
increases exponentially with key size [29], as shown in Table 1.


Table 1. AES key size and possible combinations
Key size          Possible combinations
1 bit             2
2 bits            4
4 bits            16
8 bits            256
16 bits           65536
32 bits           4.2 x 10^9
56 bits (DES)     7.2 x 10^16
64 bits           1.8 x 10^19
128 bits (AES)    3.4 x 10^38
192 bits (AES)    6.2 x 10^57
256 bits (AES)    1.1 x 10^77


The AES has ten rounds to change from plaintext to ciphertext. The rounds used to convert a text are very
similar to one another. The expand key rule governs how AES performs encryption and decryption. The algorithm will
encrypt from round 1 to round 10. After that, the algorithm would decrypt in the opposite direction. The key
is represented as words W0 to W43. In this sample, the forty-four words contain 4 bytes each, and the matrix key
is saved as text (expanded key) [24].

A few blocks or steps in the encryption process are suppressed in Figure 1. AES encrypts data or
plaintext using 128-bit blocks as input, which a square matrix can interpret. At each encryption stage, the 
individual matrix is copied into a state array, which is changed. As a result, it is copied from an input matrix. 

With the AES implementation in the CHOY web app, clients can register online using the form 
provided by the app. Afterward, the app generates a key and converts the record fields into ciphertext, then 
saves it to the repository (the database). In this way, even if the database server is breached, potential 
attackers can only obtain meaningless data. On the other hand, the app can easily decrypt the information in 
the database to make it readable for administrators (school registrar), as shown in Figure 2. 


Figure 1. AES encryption and decryption block diagram

Figure 2. Encryption and decryption process


The main focus of this study is the application of the AES in developing the CHOY web app. 
Specifically, it aimed to: i) develop the CHOY web application applying the AES; ii) examine the app's
functionality in terms of online registration and spam prevention; and iii) assess the web app's technical
elements in terms of compatibility, reliability, and security using the ISO 25010.


2. RESEARCH METHOD 
2.1. Conceptual framework of the study 

The proponents of this study used the symmetric-key method, AES, ISO 25010 standards, and the 
procedures manual on enrollment and admission of Southern Isabela College of Arts and Trades (SICAT) to 
establish the conceptual framework. The basis for the encryption/decryption of the framework is the AES
algorithm, implemented in the CHOY web app, shown in Figure 3.

Figure 3. Conceptual framework of the study


To summarize, Figure 3 shows that administrators and clients can enter information in the CHOY 
web app, and the AES algorithm will encrypt it before saving it in the database. If there is a need to view the 
saved student records, the app retrieves the ciphertext in the database and decrypts it using only the 
administrators’ pre-set key. With this, the app converts ciphertext into plaintext, readable by administrators.


2.2. AES as basis in encryption and decryption 

The AES largely relies on the number of rounds, as shown in Figure 1, and each round consists of four
sub-processes: substitute bytes, ShiftRows, MixColumns, and AddRoundKey transformation. To encrypt a
plaintext, the earlier-mentioned sub-processes are performed in order. To decrypt a ciphertext, the
sub-processes are performed in reverse, starting from the AddRoundKey transformation. For encryption and
decryption, the following are performed:


2.2.1. Substitute bytes transformation 

The first process in each round is the substitute bytes transformation. It substitutes one byte for 
another using a non-linear S-box. For instance, this process will replace a hexadecimal value A9 to D3, 
derived from the intersection of A and 9 as presented in Table 2 and Figure 4 [30]. 


Table 2. The AES S-box Table
     0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76
1   CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0

2.2.2. ShiftRows transformation

After SubBytes, ShiftRows is the following phase that impacts the state. This move's basic principle
is to cyclically shift the bytes of each row of the state to the left. The bytes of row zero remain
unchanged in operation, and no permutation is performed. The first row is shifted circularly to the left by
one byte, the second row by two bytes, and the last row by three bytes [31]. The size of the new state
remains unchanged at 16 bytes, but the location of the
bytes in the state has been moved as shown in Figure 5 [30].

Figure 5. ShiftRows transformation


2.2.3. Mix columns transformation 

In this transformation, each column of the state is multiplied by a fixed transformation matrix: each byte of
a matrix row is multiplied by the corresponding byte of the state column. The
multiplication results are combined with exclusive OR (XOR) to produce a new set of four bytes for
the following state. This phase does not change the size of the state; it remains at its original size of 4x4, as
illustrated in Figure 6 [30].


16-byte state

b1  b5  b9   b13
b2  b6  b10  b14
b3  b7  b11  b15
b4  b8  b12  b16

Figure 6. Multiplication matrix

2.2.4. AddRoundKey transformation

During this phase, the input data (the state) and the key are each grouped in a 4x4 byte matrix [32]. The
allocation of the 128-bit key and input data into the byte matrices is shown in Figure 6. When it comes to
encrypting data, AddRoundKey can provide significantly more protection. The relationship between the key
and the ciphertext is the basis for this operation. The subkey for each round is derived from the primary key
using the key scheduling of Rijndael. The subkey has the same size as the state. The subkey is added to the
state by using bitwise XOR to combine each byte of the state with the corresponding byte of the subkey, as shown
in Figures 7 and 8 [33].


MixColumns matrix (constant input)

02 03 01 01
01 02 03 01
01 01 02 03
03 01 01 02

Figure 8. Inputs for single AES round


After these processes, the plaintext is now encrypted and is unreadable to others. With this, potential
attackers will obtain scrambled, useless information in the database if they manage to penetrate the web
server. To decrypt the ciphertext, the processes mentioned above must be performed in reverse using the key
used to encrypt it, as shown in Figure 1.
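
The round structure of sections 2.2.1 to 2.2.4, together with the key expansion into words W0 to W43, written out as an added Python example. It is not the CHOY app's code, which the paper does not show; the function names are this example's own, and the sample values are the FIPS-197 Appendix C.1 test vector. It is meant for study of the transformations only and handles one 16-byte block with a 128-bit key.

```python
"""AES-128 on a single 16-byte block, built from the four round transformations.
For study only: no mode of operation, padding or side-channel protection."""

def xtime(a):
    # multiply by 02 in GF(2^8), reducing modulo x^8 + x^4 + x^3 + x + 1 (0x11B)
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def gmul(a, b):
    # product of two bytes in GF(2^8), by shift-and-add
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    # S-box entry = multiplicative inverse in GF(2^8), then a fixed affine map
    box = []
    for x in range(256):
        inv = 0                            # 0 has no inverse and maps to 0
        if x:
            inv = 1
            for _ in range(254):           # x^254 equals x^-1 in GF(2^8)
                inv = gmul(inv, x)
        s = inv
        for k in range(1, 5):              # XOR with the byte rotated left 1..4 bits
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s ^ 0x63)
    return box

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]
INV_MIX = (14, 11, 13, 9)                  # first row of the inverse MixColumns matrix

def sub_bytes(s, box=SBOX):
    return [box[b] for b in s]

def shift_rows(s, inverse=False):
    # The state is column-major: row r, column c is s[r + 4*c].
    # Row r rotates left by r bytes (right when decrypting).
    d = -1 if inverse else 1
    return [s[i % 4 + 4 * ((i // 4 + d * (i % 4)) % 4)] for i in range(16)]

def mix_columns(s, coef=(2, 3, 1, 1)):
    # Each column is multiplied by a circulant matrix whose first row is `coef`.
    out = []
    for c in range(0, 16, 4):
        col = s[c:c + 4]
        for r in range(4):
            v = 0
            for j in range(4):
                v ^= gmul(coef[j], col[(r + j) % 4])
            out.append(v)
    return out

def add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def expand_key(key):
    # 16-byte key -> words W0..W43, returned as 11 round keys of 16 bytes each
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= rcon
            rcon = xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * n:4 * n + 4], []) for n in range(11)]

def encrypt_block(block, key):
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for n in range(1, 11):
        s = shift_rows(sub_bytes(s))
        if n < 10:                          # the last round has no MixColumns
            s = mix_columns(s)
        s = add_round_key(s, rk[n])
    return bytes(s)

def decrypt_block(block, key):
    # same steps in reverse order, starting from AddRoundKey with the last round key
    rk = expand_key(key)
    s = add_round_key(list(block), rk[10])
    for n in range(9, -1, -1):
        s = sub_bytes(shift_rows(s, inverse=True), INV_SBOX)
        s = add_round_key(s, rk[n])
        if n > 0:
            s = mix_columns(s, INV_MIX)
    return bytes(s)

if __name__ == "__main__":
    # FIPS-197 Appendix C.1 test vector
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    ct = encrypt_block(pt, key)
    print(ct.hex())
    print(decrypt_block(ct, key) == pt)
    print(f"S-box[A9] = {SBOX[0xA9]:02X}")
```

A production system should call a vetted library and an authenticated mode of operation rather than hand-written round functions.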

2.3. System development model

The development of the online registration will follow the rapid application development (RAD) 
methodology. It is a type of incremental model. In the RAD paradigm, the components or functions are 
constructed as if they were mini-projects. The projects are timed, delivered, and then put together into a 
working prototype. It can immediately provide something for the customer to see and use and to give feedback on
the delivery and requirements. The model has been divided into four (4) stages: analysis and quick design;
web application development, including building, demonstration, and refining; application testing; and 
application evaluation. Figure 9 shows the stages of online registration development using the AES 
algorithm. 


Figure 9. The rapid application development model used in the development of CHOY


2.3.1. Analysis and quick design 

The analysis was conducted to determine the information requirements. This included questions
such as on what platform the system must be deployed, based on the institution's clients. Also, researchers
analyzed the problems by providing the present manual procedure diagram in Figure 10.


Figure 10. Manual procedure on registration of clients


The manual procedure for registering clients is as follows: interested clients from distant cities or 
municipalities will go to the registrar's office for inquiries. They will get vital information such as schedules, 
fees, and requirements. After securing all the required documents, clients will return to the registrar's office 
for validation. Afterward, clients will fill out a triplicate form for the cashier, accounting, student copy, and 
the main form for the registrar's office. After validating the form, the enrollee pays corresponding fees to the 
cashier and gets informed on training. A fishbone diagram has been constructed based on the manual process, 
as shown in Figure 11. 

As shown in Figure 11, there are four (4) causes of the slow and unsecured method of student 
registration. One is the lack of security of data. Enrollment forms can be tampered with, resulting in 
unreliable information. It is also time-consuming because students must fill out a triplicate form, and 
afterward, the person-in-charge checks their profile form. The third is the large volume of paperwork. In the
manual registration process, the enrollees must fill out the triplicate form, and it adds to the burden of the
registrar's personnel because they have to reproduce these forms. In addition to these are the attachments, 
such as requirements that need to be organized. Lastly, there are problems in data entry, usually in the form 
of unreadable writings and inevitable changes in information (e.g., change in marital status). The proposed 
process flow for administrators is shown in Figure 12. 


Figure 11. Fishbone diagram of the present registration system

Figure 12. Process flow for administrator


Administrators must provide valid account credentials (username and password) in accessing the 
web app. It validates the entered credentials by decrypting the stored accounts on the database and checks 
whether the account entered exists or not. If yes, then the administrator can access the administrator 
dashboard, where he/she can monitor students' applications. The AES decrypts information from the
database before displaying it on the Administrator dashboard. The process flow for clients is illustrated in 
Figure 13. Clients must enter their complete personal information to accomplish the online registration. 
Subsequently, the AES algorithm encrypts the information before saving it in the database. 


Figure 13. Process flow for clients

2.3.2. Development

The online registration was developed using Adobe Dreamweaver as the source code editor to keep 
track of the appearance of the web application while coding. For the HTTP and database server, XAMPP was
considered since the application was developed on a Windows platform. The application's interface and
functionality were built using hypertext preprocessor (PHP) as the programming language, together with hypertext
markup language (HTML) and JavaScript. The web server was Apache, and the database server was
MySQL. The device used in the web application development is a desktop computer with an Intel Celeron
Processor of 2.4 GHz, 250GB Hard Disk, and 2GB DDR3 Memory running a 64-bit Windows 10 operating 
system. 


2.3.3. Testing and evaluation 

The following testing activities were conducted to ensure that the online registration works 
accordingly: the graphical user interface testing, in which the user interface is tested on a variety of devices 
to guarantee that every component of the interface is visible on a variety of devices and screen sizes; web app 
performance testing, where all modules were tested to determine their response time; and compatibility testing,
where the app was tested on various devices to ensure every component/functionality works on all
types of devices. More importantly, online registration was tested in terms of information security and spam
prevention. This is to ensure that the information saved on the repository is encrypted and spam can be
prevented. To assess the technical features of the produced application in compatibility, reliability, and
security, ISO 25010 was used [34]. Faculty, employees, and clients of the Southern Isabela College of Arts 
and Trades, a TESDA-administered school in the City of Santiago, Isabela, are included in the evaluation. 


3. RESULTS AND DISCUSSION 
3.1. Development and testing of CHOY applying the AES 

The information based on analysis served as a basis for determining the web application's modules. 
Clients can access the online registration portion of the web app in which they need to provide their basic 
information such as full name and contact numbers, among others. A completely automated public Turing test
to tell computers and humans apart (CAPTCHA) was used to prevent spamming by ensuring that the app
would not be swamped with records from robots, as seen in Figure 14.



Figure 14. Client registration of CHOY 


Regarding data security, the advanced encryption algorithm encrypts all the information saved on the database.
For instance, if a specific client registers on the online registration, the saved information from
the client will be encrypted. The record on the database is stored as a binary large object (BLOB) as shown in
Figure 15.

Figure 15. Live database content of CHOY


In a database management system, a BLOB is a collection of binary data kept as a single object. If
viewed or downloaded, the encrypted information will be shown. For instance, a sample plaintext "Olanday,
Paul L." with hex key "37 33 20 36 39 20 36 33 20 36 31 20 37 34 20 34" will result in the following
encrypted text: "JBc3QDfEl56ygk4tipSKOH57aqc7XgVLIAHYoY3B6PM=". The web application will
decrypt the encrypted information on the database by reversing the encryption process to make it readable for
administrators, as shown in Figure 16. With this, even if an attacker gains access to the database, he/she cannot
read any of its contents.
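
A review check on the sample values quoted above, added here as an example and not taken from the CHOY code: it bounds how much of the 128-bit key space a key made of typed characters can cover, and splits the stored value's length into padded data and any room left for an IV or authentication tag. PKCS#7 padding is an assumption (the paper does not name the mode or padding), and the contrast key is constructed for the example.

```python
import base64
import math

# Character sets a typed or text-derived key is usually drawn from,
# smallest first: (label, allowed byte values).
CLASSES = [
    ("digits and space", set(b"0123456789 ")),
    ("hex digits and space", set(b"0123456789abcdefABCDEF ")),
    ("printable ASCII", set(range(0x20, 0x7F))),
    ("arbitrary bytes", set(range(256))),
]

def key_findings(hex_key):
    """Classify a key and bound its entropy by the size of its alphabet."""
    key = bytes.fromhex(hex_key)          # whitespace between bytes is ignored
    label, allowed = next((l, a) for l, a in CLASSES if set(key) <= a)
    return {
        "bits_nominal": 8 * len(key),
        "alphabet": label,
        # a key whose bytes all come from `allowed` is one of at most
        # len(allowed) ** len(key) values
        "bits_upper_bound": round(len(key) * math.log2(len(allowed)), 1),
        "as_text": key.decode("ascii") if label != "arbitrary bytes" else None,
    }

def stored_value_layout(b64_value, plaintext_len, block=16):
    """Split a stored ciphertext length into padded data and anything extra."""
    raw = base64.b64decode(b64_value)
    # PKCS#7 (assumed) always adds 1..16 bytes, so a 16-byte field pads to 32
    padded = (plaintext_len // block + 1) * block
    return {
        "bytes": len(raw),
        "blocks": len(raw) // block,
        "extra_bytes": len(raw) - padded,  # room left for an IV, nonce or tag
    }

# Values quoted in the paper's example
PAPER_KEY = "37 33 20 36 39 20 36 33 20 36 31 20 37 34 20 34"
PAPER_CT = "JBc3QDfEl56ygk4tipSKOH57aqc7XgVLIAHYoY3B6PM="
PAPER_PT = "Olanday, Paul L."
# Constructed contrast: 16 bytes that are not typed text
CONSTRUCTED_KEY = "f3 9c 01 d7 88 4e b2 60 1a e5 7b 0f c4 93 2d a6"

if __name__ == "__main__":
    print(key_findings(PAPER_KEY))
    print(key_findings(CONSTRUCTED_KEY))
    print(stored_value_layout(PAPER_CT, len(PAPER_PT)))
```

The sample key is sixteen digit and space characters, so it covers at most about 55 of the nominal 128 bits, and the 32-byte stored value leaves no room for a per-record IV or tag. A key drawn from a CSPRNG, for example Python's secrets.token_bytes(16), falls in the last class.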


Figure 16. Decrypted information from the database on administrator dashboard


The administrator dashboard consists of four modules: i) students registration which contains all the 
registration of clients, ii) qualifications management, which is intended for adding, editing, and deleting 
qualifications or courses, iii) trainers management module allows profiling of trainers, and iv) schedule 
management where students, qualifications, and trainers are added in a particular schedule, thus making a 
student "officially enrolled". 


3.2. Evaluation using the ISO 25010 standard 

The study's proponents employed the ISO/IEC 25010 standard to assess the app's compatibility, 
reliability, and security elements. The compatibility evaluation demonstrated that CHOY could execute the 
needed functions as specified during the analysis phase and that users could access it via various devices, 
including cellphones, laptops, and desktops. Furthermore, as indicated in Table 2, the overall mean of 4.0 
suggests that CHOY is commendable in coexistence and interoperability. 


Table 2. Compatibility evaluation results
Criteria    Computed mean    Descriptive interpretation
Compatibility
Coexistence. The application can efficiently perform its needed duties while sharing a shared environment and resources with other apps without causing problems.    4.02    Very Good
Interoperability. The online application that was created can be used on a variety of devices, including smartphones.    3.98    Very Good
Overall Mean    4.00    Very Good


Table 3 presents the reliability evaluation results. The overall mean of 4.0 shows that CHOY is 
reliable under normal operations. It also demonstrates that the app is operational and available when needed 
despite hardware or software failures. Finally, the web app can recover data that has been directly damaged, 
such as passwords and secret keys, and restore the program's desired state. 


Table 3. Reliability evaluation results
Criteria    Computed mean    Descriptive interpretation
Reliability
Maturity. Under regular operation, the designed application and its components meet the requirements for reliability.    4.00    Very Good
Availability. When needed, the application is operational and accessible.    4.05    Very Good
Fault Tolerance. Despite the presence of hardware or software flaws, the application performs as expected.    3.95    Very Good
Recoverability. In the event of an anomaly, the program can recover the data directly affected (for example, passwords and secret keys) and restore the system to its ideal state.    3.98    Very Good
Overall Mean    4.00    Very Good


Table 4 illustrates the security evaluation results, which reveal that CHOY ensures that data is only 
available to permitted users. It also protects computer programs and data from unwanted access or 
modification. The software includes built-in activity logs to document the action or events. This allows the 
actions of a given entity to be tracked back to it. Identifying a subject or resource can also be demonstrated as 
the one claimed. Because of the AES implementation, the overall mean of 4.04 indicates that the CHOY web 
app is secure. 


Table 4. Security evaluation results
Criteria    Computed mean    Descriptive interpretation
Security
Confidentiality. The application ensures that information is available only to those who have authorized access.    4.17    Very Good
Integrity. The application protects computer programs and data from unwanted access or alteration.    4.10    Very Good
Non-repudiation. The application uses activity logs to confirm that activities or events have occurred and cannot be denied later.    3.95    Very Good
Accountability. The application uses logs to trace an entity's actions.    3.93    Very Good
Authenticity. The app can identify a subject or resource to be the one claimed.    4.07    Very Good
Overall Mean    4.04    Very Good


4. CONCLUSION 

Per the methodology used and findings from this study, the proponents made the following 
conclusions: i) the CHOY web application serves as an avenue for potential learners to enroll regardless of 
their distance and the institution. It also serves as a powerful tool for administrators in automating repetitive 
tasks such as manually checking the enrollment forms, reducing problems in data entry, and making the 
overall enrollment process faster and more efficient, ii) the Advanced Encryption Standard can be applied in 
an online registration like the CHOY web app to further enhance the records' security. Even if potential
attackers gain access to the database, they can only obtain useless information because database contents are
scrambled and unreadable. Therefore, the developed web application passes the testing series conducted in
online registration and information security, and iii) the features of the CHOY web app were presented to and
evaluated by the stakeholders. The result shows that the overall mean of the three criteria,
compatibility, reliability, and security, is 4.01, which has a descriptive interpretation of
"Very Good." Hence, the AES implementation in the CHOY web application is effective and is accepted by
the end-users. 

The following recommendations were made based on the study's results and conclusions: 
i) the CHOY web application must cover all aspects of the enrollment process, specifically the cashiering and 
accounting processes. It must also be implemented as soon as possible, ii) the researchers of this study can 
enhance the AES algorithm to strengthen further the security of information stored in the database, and 
iii) the researchers can devise their own or use two or more algorithms to encrypt user information stored in 
the database to ensure data security further. 